Skip to main content Tech Radar Pro Tech Radar Gaming Tech Radar Pro TechRadar the business technology experts Search TechRadar View Profile België (Nederlands) Deutschland North America US (English) Australasia New Zealand Expert Insights Website builders Web hosting Best web hosting Best office chairs Best website builder Best antivirus Expert Insights Recommended reading Dangerous new Linux malware strikes - thousands of users see passwords, personal info stolen, here's what we know Public DevOps tools targeted by criminals to steal crypto Misconfigured Docker instances are being hacked to mine cryptocurrency Key Linux systems may have security flaws which allow password theft New malware avoids antivirus detection, unleashes a "plague" on your devices Misspelled a site's name? Cybercriminals are exploiting this to infect your computer with malware - here's how to stay safe More popular npm packages hijacked to spread malware Docker could still be hosting a whole load of potentially malicious images - putting users at risk Sead Fadilpašić 13 August 2025 Devs are unknowingly keeping malicious packages online When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Sora Shimazaki / Pexels) XZ-Utils backdoor was found over a year ago Despite warnings, some Linux images still contain it Debian won't budge as the images are "historical artifacts" At least 35 Linux images hosted on Docker Hub contain dangerous backdoor malware, which could put software developers and their products at risk of takeover, data theft, ransomware, and more. At least some of the images, however, will remain on the site and will not be removed, since they are outdated anyway and shouldn’t be used. In March 2024, the open source community was stunned when security researchers spotted “XZ Utils”, a piece of malicious code, in the upstream xz-utils releases 5.6.0 and 5.6.1 (the liblzma.so library) that briefly propagated into some Linux distro packages (not their stable releases). The backdoor was inserted by a developer named ‘Jia Tan’ who, in the two years leading up to that moment, built significant credibility in the community through various contributions. You may like Dangerous new Linux malware strikes - thousands of users see passwords, personal info stolen, here's what we know Public DevOps tools targeted by criminals to steal crypto Misconfigured Docker instances are being hacked to mine cryptocurrency Debian, Fedora, and others Now, security researchers at Binarly have said malicious xz-utils packages containing the backdoor were distributed in certain branches of several Linux distributions, including Debian, Fedora and OpenSUSE. “This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.” “This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.” Binarly's experts are now saying several Docker images, built around the time of the compromise, also contain the backdoor. It says that at first glance, it might not seem alarming since if the distribution packages were backdoored, then any Docker images based on them would be backdoored, as well. However, the researchers said some of the compromised images are still available on Docker Hub, and were even used in building other images which have also been transitively infected. Binarly said it found “only” 35 images because it focused solely on Debian images: Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. “The impact on Docker images from Fedora, OpenSUSE, and other distributions that were impacted by the XZ Utils backdoor remains unknown at this time.” Debian said it wouldn’t be removing the malicious images since they’re outdated anyway and shouldn’t be used. They will be left as “historical artifacts”. Via BleepingComputer You might also like Latest Ubuntu beta and other Linux distros delayed by xz-utils security issues Take a look at our guide to the best authenticator app We've rounded up the best password managers Sead Fadilpašić Social Links Navigation Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. Dangerous new Linux malware strikes - thousands of users see passwords, personal info stolen, here's what we know Public DevOps tools targeted by criminals to steal crypto Misconfigured Docker instances are being hacked to mine cryptocurrency Key Linux systems may have security flaws which allow password theft New malware avoids antivirus detection, unleashes a "plague" on your devices Misspelled a site's name? Cybercriminals are exploiting this to infect your computer with malware - here's how to stay safe Latest in Security Microsoft's latest major patch fixes a serious zero-day flaw, and a host of other issues - so update now The US Federal Court Filing System has been breached - and all the fingers are pointing to Russia Allianz Life data leaked following recent breach - our tips on how to stay safe Experts warn criminals are using backdoor malware to target governments Staffing giant Manpower hit by major data breach - around 145,000 users affected, here's what we know US government seizes $1 million from major Russian ransomware gang in a rare win for the good guys Latest in News Epic delivers on promise to fix anti-cheat games so they work on laptops with Snapdragon X CPUs – starting with Fortnite Brits are turning from VPNs to proxies to resist age verification – but their data may be at risk Kodak made me fall in love with photography, and I can't believe it may not survive Google Pixel 10 Pro Fold revealed in first official video teaser – here are 5 things to expect Microsoft's latest major patch fixes a serious zero-day flaw, and a host of other issues - so update now I can’t wait for Taylor Swift to release her new album, but this week’s The Summer I Turned Pretty season 3 episode 6 gave me a moment even better than the cover reveal LATEST ARTICLES I’ve spent more than 10 hours revisiting Viking Iceland in Senua’s Saga: Hellblade 2 Enhanced on PS5 and have fallen in love with its bleakness and misery all over again The Online Safety Act isn't just about age verification – end-to-end encryption is also at risk I’ve taken my Spotify playlists to the next level with these 3 new tricks – here’s why you should too Epic delivers on promise to fix anti-cheat games so they work on laptops with Snapdragon X CPUs – starting with Fortnite Allianz Life data leaked following recent breach - our tips on how to stay safe TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Contact Future's experts Terms and conditions Privacy policy Cookies policy Advertise with us Web notifications Accessibility Statement Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...